For each service that supports dual approval, the system defines the required privilege to start
the service (make) and the privilege required to complete the service (check).
Additionally, there is always an option to allow a user direct execution of a
service, bypassing the dual approval process; however, this requires another
privilege. Some common scenarios for dual approval include:
- Consumer registration – in cases where regulations dictate additional
validation of KYC information.
- Wallet entries additions – for security reasons, consumers and agents might
not have permission to directly activate new payment instruments for
consumers.
- Transactions – for sensitive transactions where the initiating agent should
not be the same as the agent completing the transaction.